solarflow99 wrote:
> I think it can be done with remote logging, 
> you can log everything to a network location.  
> I'm sure it can be done with available tools, if necessary.

Main requirements are:
1- identifying users and not allowing "generic" login, both from network and
consoles (and "remote" consoles)
2- protecting logs from tampering and archiving for 6 months

For point 1):

- I can use centralized login to LDAP/Active Directory (Red Hat provides it
with standard tools) and allow network access only to "personal" accounts:
can I specify users/groups in SSH config?
- I can drop direct access to generic and applicative accounts by SSH
("root" is already not allowed by default)
- users can gain access to applicative accounts by "su -"

but some problems still remain:

- how can I manage administrative accesses by console (both real consoles
and remote consoles: iLO, VMware virtual consoles, etc)?

For point 2):
- can I enable remote logging only for login/logout/wrong password events?


Thanks for clarifications
--
Domenico Viggiani


_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
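
Added example, not part of the original message: a shell check that an `sshd_config` matches the SSH side of point 1 (root login explicitly denied, an allow-list for personal accounts, generic accounts listed in `DenyUsers`). The group and account names in the sample are constructed, and plain names without `user@host` or wildcard patterns are assumed.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the access policy described above.
# Assumes plain names in DenyUsers (no user@host or wildcard patterns).

# First value of KEYWORD; keywords are case-insensitive and the first one wins.
sshd_first() {  # usage: sshd_first FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Every value of a list KEYWORD (it may appear on several lines), one per line.
sshd_list() {   # usage: sshd_list FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Returns 0 when the file meets the policy, 1 otherwise; prints each finding.
audit_sshd() {  # usage: audit_sshd FILE GENERIC_ACCOUNT...
    cfg=$1; shift; rc=0
    # Require an explicit setting rather than relying on the default.
    [ "$(sshd_first "$cfg" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not explicitly 'no'"; rc=1; }
    # Network logins must be limited to an allow-list of personal accounts.
    [ -n "$(sshd_list "$cfg" AllowGroups)$(sshd_list "$cfg" AllowUsers)" ] ||
        { echo "FAIL: no AllowGroups/AllowUsers allow-list"; rc=1; }
    # DenyUsers is evaluated before the allow directives, so listing a generic
    # account there blocks it even if it belongs to an allowed group.
    for acct in "$@"; do
        sshd_list "$cfg" DenyUsers | grep -qxF -- "$acct" ||
            { echo "FAIL: $acct is not in DenyUsers"; rc=1; }
    done
    return "$rc"
}

# Constructed sample; "sysadmins", "oracle" and "appsrv" are assumed names.
write_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin no
AllowGroups sysadmins
DenyUsers oracle appsrv
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_sshd "$tmp" oracle appsrv &&
    echo "PASS: SSH policy holds for the sample"
rm -f "$tmp"
```

Run it against a copy of the real `/etc/ssh/sshd_config` with the site's generic and application account names as arguments; membership of the allowed group still has to be reviewed in the directory itself.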
